CVE-2020-24683
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | ABB Ability™ Symphony® Plus Operations | unspecified < 2.1 SP1 | affected |
Weaknesses
- CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security
- CWE-305: CWE-305 Authentication Bypass by Primary Weakness
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.